For whatever reason you don't want an account, you may still report vulnerabilities – anonymously! However, if you want to participate in the coordination process, including discussions with vendors and researchers/reporters, then an account is required. VINCE was designed and created to encourage the interaction between vendors and reporters. An potential benefit is that multi-vendor coordination efforts may become more cooperative – with vendors sharing information on how to mitigate the vulnerability.

CERT Vul Reporting Form Image Modified

Getting an account

...

Once you receive the access code please

Email containing confirmation code Image Modified

Enter the code into the form
Click submit.

...

VINCE coordinator reviews your account for approval.
Upon approval,
1. You will receive an email indicating your account has been approved and you are directed to kb.cert.org/vince to log on.
  Image Modified
2. If you have your browser open and the approval came quickly, you may also have a popup box indicating you can not login.
Image Modified

...

Login first time - Multi-Factor Authentication Required

Image Removed First-time login Image Added

VINCE currently offers a choice

Time-based one-time (TOTP) passwords as second factor authentication. To use TOTP, you need access to an app such as Google Authenticator, Duo, or LastPass Authenticator.
Short Message Service (SMS) text messages

Image Removed Select the multi-factor authentication method Image Added

...

TOTP

Select TOTP
The system generates an image that is scanned into your device, running an application ... and displays the scan code on your screen
Scan the code into your authentication application. This action should generate a code.
Enter that temporary password (or code).
(Optional) Name that device, software or application, so you may easily access the correct code generator.
Image Removed
Image Added
You will have two forms of confirmation your account has successfully enabled TOTP Multi-factor authentication on your account.
1. Web page indicating success and displaying your User Profile
  Image Modified
2. An email message
  Image Modified

...

SMS

Select SMS
Enter the phone number you will use to receive text messages containing an authorization code.
1. Use the International format as follows: + (country code) phone number
2. If you have a United States number, please use +1 NPA-XXX-XXXX
  (NPA: Numbering plan Area a.k.a. area code)
  Image RemovedImage Added
Click Submit
Verify your account by entering the authorization code contained in the text message.

Image Modified
You will have two forms of confirmation your account has successfully enabled SMS Multi-factor authentication on your account.
1. Web page indicating success and displaying your User Profile
  
  Image Modified
2. An email message
  Image Removed
  Image Added

...

Password Recovery

...

Failed login attempt
1. A failed login attempt will display a reminder that the user email address and password are case sensitive.
2. Within this box are two options:
  1. 1. Forgot your password?
  2. 2. Signup for a VINCE account
VINCE Password Reset
1. Enter the email address for a password reset,
2. Click Submit
  
  Image Modified
3. Or, Click Need help?
4. Need help? will display the VINCE Account Help providing:
  1. The link to reset your password;
  2. Telephone number to request assistance;
  3. Email address to request assistance.
  Image Modified
VINCE Password Recovery form
1. Your email should have a message with a verification code.
  Image Modified
  1. If you have not received an email, please check your spam folder
  2. Go back and re-enter the email address.
  3. If your email address has changed, please use the VINCE Account Help to get your current email address updated in the VINCE system.
2. Enter the verification code;
3. Enter the new password (password requirements are the same);
4. Re-enter the new password;
5. Click on Submit.
6. VINCE will respond with Password Reset Complete message and the link to login.